Ignore google-cloud-storage and google-api-client major version upgrade for dependabot #16072

cwperks (Member) commented Sep 24, 2024

Description

Creating this PR to reduce some noise from dependabot. Dependabot has been making PRs that upgrade google-cloud-storage from 1.x to 2.x which cannot be merged since additional code changes need to be made to adopt 2.x.

This PR mutes dependabot to prevent it from making any more PRs on a major version upgrade for this dependency in any of the modules under the /plugins folder.

Example PRs which will require additional changes:

You can find the syntax for dependabot.yml here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks changed the title from "Ignore google-cloud-storage major version upgrade for dependabot" to "Ignore google-cloud-storage and google-api-client major version upgrade for dependabot" Sep 25, 2024
@dblock dblock added the skip-changelog and backport 2.x (Backport to 2.x branch) labels Sep 26, 2024
@dblock dblock merged commit 949b31f into opensearch-project:main Sep 26, 2024
42 of 43 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Sep 26, 2024
…de for dependabot (#16072)

* Ignore google-cloud-storage major version upgrade for dependabot

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Include google-api-client

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit 949b31f)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
sandeshkr419 (Contributor) commented Sep 26, 2024

@cwperks - Are these major version upgrades breaking in nature?

If non-breaking, then instead of disabling the upgrades, we can just create issues and someone can upgrade these dependencies.

If breaking, then we should identify & upgrade these dependencies only for main/3.0 and not backport them to 2.x.

In either scenario, disabling upgrades just to reduce noise doesn't seem like the ideal way to go ahead here. Also, I guess there is a command to tell dependabot to not upgrade certain package upgrades in PRs itself. Disabling them in code implies that we don't want to upgrade them at all - unless it gets identified by security vulnerabilities/CVEs.

Thoughts @dblock?

dblock pushed a commit that referenced this pull request Sep 27, 2024
…de for dependabot (#16072) (#16094)

* Ignore google-cloud-storage major version upgrade for dependabot

* Include google-api-client

---------

(cherry picked from commit 949b31f)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dblock (Member) commented Sep 27, 2024

I am +1 on creating an issue on doing a major upgrade for these (and removing the change @cwperks added to prevent dependabot from doing the upgrade).

cwperks (Member, Author) commented Oct 1, 2024

Just got back from vacation. I will create an issue for tracking this and mention that these lines will need to be removed on upgrade.
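For readers following the thread, this is the kind of `dependabot.yml` entry the PR description refers to, written here as an added illustration and not taken from the PR's diff. The directory is a placeholder, and the ecosystem, schedule and Maven coordinates are assumptions; only the two dependency names and the "major version only" scope come from the page.

```yaml
# Added illustration; not the change merged in this PR.
version: 2
updates:
  - package-ecosystem: "gradle"            # assumption: the plugin modules build with Gradle
    directory: "/plugins/<module-name>/"   # placeholder: one entry per module under /plugins
    schedule:
      interval: "weekly"                   # assumption: the schedule is not stated on the page
    ignore:
      # Assumed Maven coordinates for the two dependencies named in the PR title.
      - dependency-name: "com.google.cloud:google-cloud-storage"
        update-types: ["version-update:semver-major"]   # 1.x -> 2.x PRs are no longer opened
      - dependency-name: "com.google.api-client:google-api-client"
        update-types: ["version-update:semver-major"]
    # Minor and patch version updates for both dependencies are still proposed.
```

A rule like this stays in effect until it is deleted from the file, so it needs a tracking issue for the deferred major upgrade, as the thread agrees to create.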
